Hemanth Joseph, a Kerala based security researcher bypasses Apple’s iPad activation lock

Hemanth Joseph

Hemanth Joseph, a security researcher based in Kerala has reportedly discovered a bug running on iOS 10.1 using his iPad. The alleged loophole enabled him to bypass the activation lock on an iPad.

You should note that the activation lock in iPhone or iPad is very hard to hack other than the owner of the gadget. Moreover, it is more difficult to establish it a a new gadget.

According to a report published in Forbes, Joseph easily bypassed the activation lock in a locked iPad by discovering a weakness in the setup process of the iPad running iOS 10.1.

When he was prompted to select a Wi-Fi network, he choosed “other network” and tapped on WPA2-enterprise as the type of network to connect to. It provided him with three input filed namely name, username and password.

During testing, he noticed that there are no restriction on character in the three fields. Out of interest, he keyed in several characters beyond the capacity of iOS. He expected that the software could crash.

As predicted, his iPad was frozen. After that, he locked it by closing Apple’s magnetic Smart Cover over the display. However, the iPad was at the same display after opening the cover.

After few seconds, iPad crashed to iOS home screen dashboard. This activity caused Joseph to bypass the activation lock enabling him to access the iPad completely. In the meantime, Apple had resolved the bug after Joseph reported it to the Cupertino-based tech giant.

In the past, researchers at US-based Vulnerability Lab discovered the iOS 10.1.1 bug. They reproduced the same bug which the Joseph reproduced.

DONT MISS  Apple iPhone 7: Images, Pricing, Colors leaked

Joseph is currently serving as information security researcher at the company named Slash Secure. He is also working as commander at Kerala Police Cyberdome. He is also the founder of 0SecCon, which is India’s first open security community for students.

If you verify Google’s Hall of Fame, you will find Joseph’s name. He also received a bounty of $7500 for reporting a critical vulnerability in Google Cloud Platform.

Anand Narayanaswamy is the editor-in-chief of Netans. He was recognized as a Microsoft Most Valuable Professional (MVP) for 9 years (2002 to 2011) and again as a Microsoft MVP in Surface under Windows and Devices in January 2024. He worked as a Chief Technical Editor with ASPAlliance and was part of ASPInsider program. Anand has published several articles and reviews related to various software and hardware products for various software and technology related websites. He is also active on social media and also participates as an Influencer for various brands. Anand can be reached at admin@netans.com

more recommended stories